Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! ΞΞ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

Looking for a bit more than customer support, and want to learn more about what cryptostorm is , what we've been announcing lately, and how the cryptostorm network makes the magic? This is a great place to start, so make yourself at home!

Members connecting via our Windows network access widget do not need to manually download or implement these configuration files, as they are pre-packaged with the widget installer.

This thread exists to serve as a one-stop location for the most current version of the client configuration files for cryptostorm. As new versions complete alpha (internal) and beta (community) testing successfully, they'll be swapped into this post - so that there's always the most current approved configs (and only the most current versions) here in this thread.

Note that all config files in this post have, as of today (12 January 2014) been upgraded to Hostname Assignment Framework compliance. This delivers vastly improved session security, resilience, and flexibility as our network continues to grow and expand.

A much deeper discussion of client configuration files, as well as archival copies of earlier versions, can be found in a separate, parallel thread. To ensure that discussion stays in one place, this post is locked & does not accept replies. Please, if you've got feedback or questions or comments on the config files, post them in the parallel thread - thanks!

These configuration files vary only in the choice of exitnode clusters embedded in them, and in their tuning for use with particular operating systems. Otherwise, they are identical to each other. Selected cipher suites, session parameters, and authentication methods are the same. Windows-based members connect to dedicated "instances" of our servers, and mostly everyone else can use the configuration files labelled "Linux." (we used to call those "raw" files but it was a terrible name and so we've moved to just using "Linux," even though it'll support BSD/OSX, and many other operating systems)

You will notice that there's two different ways to do broad-spectrum, "randomised" connections to our global network: dynamic, and settled. We can dig deeper into the differences in these models elsewhere; for here, it's best to think of the "settled" versions being less likely to "jump around" between geographically dispersed nodes during routine network interruptions. Conversely, "dynamic" balancers will be more aggressive in effectively randomising the node to which each session connects - including routine reconnects. Some folks like the extra variability and attack-surface hardening of the dynamic model; others want a bit more stability of node selection and thus the "settled" balancer does well for them.

Otherwise, network connections are made based on exitnode clusters as defined by a city (or, in a small number of cases, a geographic section of a larger country); this, again, relates to the HAF approach to network resilience, and is able to help ensure the network is always available, even with the routine ups and downs of individual nodes.

There's been a request (via twitter) to have a tl;dr list of the current, HAF-compliant (1.4) --remote connection parameters, for those who prefer to simply do edits to their client-side conf's rather than downloading new ones (or using the widget). As such, I'll post this here and ensure it stays current.

note: each of these entries can be expanded into any of the four top-level domain (TLD) resolvers we are currently using for this process:

This procedure is explained more fully in the complete HAF whitepaper, for those curious as to what purpose it serves and why we've developed this approach to resolver-based network resource identification.

Finally, these for linux; the exact same resolvers are always available for windows connections: simply replace "linux" with "windows"